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- Hie MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the* set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )El Responsive to communication(s) filed on 02 January 2004 . 
2a)K This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-66 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-66 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1 . The enclosed detailed action is in response to the Amendment submitted on January 2, 



2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-13, 15-21, 23-41, 43-57 and 60-66 are rejected under 35 U.S.C. 102(e) as being 
anticipated by O'Hare et al. (USPN: 6,484,173). 

Regarding claims 1, 6-7 and 12, O'Hare discloses in response to a non-media access request (a 
system call) by a first of the plurality of devices to a logical device at the shared resource for 
which the first device has no data access privileges (wherein data access privileges refers to read 
or write access) (C 10, L 13-14; this condition occurs when access control of the system includes 
read and write operations and when read and write operation access types are not allowed for the 
first device to the logical device at the shared resource; each requesting device is allowed access 
to certain regions of the shared resource for certain access types, refer to C 10 - C 14; Figure 5 
and Figure 6), determining whether the first device is authorized to have non-media access to the 
logical device and authorizing the non-media access request when it is determined that the first 
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device is authorized to have non-media access to the logical device (Figure 6, References 202, 
216, 220, 224, 226, 228, 230 and 214; C 12, L 57-65; C 13, entire; C 14, L 1-21). 

Regarding claims 2-3 and 16, O'Hare discloses denying the non-media access request when it is 
determined that the first device is not authorized to have non-media access to the logical device 
(C 13, L 57-61; this effectively ignores the request since the request is never processed or 
executed). 

Regarding claims 4 and 17-18, O'Hare discloses forwarding the non-media access request to the 
physical device corresponding to the logical device (Figure 1, References 34-36; Figure 3; 
Reference 36; requests are forwarded to the physical device via ports 34-36; C 7, L 31-39). 

Regarding claims 5, 24 and 32, O'Hare discloses system calls, which control configuration and 
operation of the storage system and thus such system intrinsically includes any requests which is 
related to configuring or operating the storage system and that includes an availability request (C 
6, L 30-32). 

Regarding claims 8 and 10, O'Hare discloses the elements of claim 1 performed by a filter 
(security module; C 14, L 22-32) that controls access to a plurality of logical devices (Figure 1, 
References 24-26) at the shared resource (Figure 1 , Reference 22) and further comprising 
maintaining in a data structure (matrix, Reference 100 in Figure 5) accessible to the filter 
configuration information corresponding to the first device wherein the configuration 
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information includes first configuration information identifying each of the plurality of logical 
devices (W, X, Y, Z) to which data access (access indicated by one of B, C and M which 
represents data access level) by the first device (one of requestors Q, R, S, T and V) is authorized 
and whether the non-media access (access indicated by one of B, C and M which represents the 
non-media access level) is authorized to each of the plurality of logical devices for which the 
configuration information identifies that no data access is authorized for the first device (C 10, L 
21-67; C 11, L 1-32). 

Regarding claim 9, O'Hare discloses examining the configuration information corresponding to 
the first device to determine whether the first device is authorized to have non-media access to 
the logical device (C 13, L 54-61). 

Regarding claims 1 1 and 23, O'Hare discloses determining whether an access request by the first 
device is one of a data access request and a non-media access request (C 13, L 54-61). 

Regarding claims 13 and 21, O'Hare discloses the storage system performing the operations in 
claim 12 (Figure 3, Reference 22, 60; C 14, L 22-32). 

Regarding claims 15, 19-20 and 25-27, O'Hare discloses maintaining in a data structure (matrix, 
Reference 100 in Figure 5) accessible to the filter configuration information corresponding to the 
first device wherein the configuration information includes first configuration information 
identifying each of the plurality of logical devices (W, X, Y, Z) to which data access (access 
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indicated by one of B, C and M which represents data access level) by the first device (one of 
requestors Q, R, S, T and V) is authorized (C 10, L 21-67; C 1 1, L 1-32); in response to a non- 
media access request (a system call) by a first of the plurality of devices to a logical device at the 
shared resource for which the first device has no data access privileges (wherein data access 
privileges refers to read or write access) (C 10, L 13-14; this condition occurs when access 
control of the system includes read and write operations and when read and write operation 
access types are not allowed for the first device to the logical device at the shared resource; each 
requesting device is allowed access to certain regions of the shared resource for certain access 
types, refer to C 10 - C 14; Figure 5 and Figure 6), determining whether the first device is 
authorized to have non-media access to the logical device and authorizing the non-media access 
request when it is determined that the first device is authorized to have non-media access to the 
logical device (Figure 6, References 202, 216, 220, 224, 226, 228, 230 and 214; C 12, L 57-65; C 
13, entire; C 14, L 1-21). 

Regarding claims 28, 33, 38-41, 48, 52 and 57, O'Hare an input to be coupled to the network, 
wherein the network couples the plurality of devices to the shared resource (Figure 3, Reference 
62; C 4, L 18-30); and at least one filter (Figure 3, Reference 64; C 14, L 22-32) coupled to the 
input (via Reference 62 in Figure 3) that is responsive to the non-media access request by a first 
of the plurality of devices to a logical device at a shared resource for which the first device has 
no data access privileges (wherein data access privileges refers to read or write access) (C 10, L 
13-14; this condition occurs when access control of the system includes read and write 
operations and when read and write operation access types are not allowed for the first device to 
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the logical device at the shared resource; each requesting device is allowed access to certain 
regions of the shared resource for certain access types, refer to C 10 - C 14; Figure 5 and Figure 
6), to determine whether the first device is authorized to have non-media access to the logical 
device and to authorize the non-media access request when it is determined that the first device is 
authorized to have non-media access to the logical device (Figure 6, References 202, 216, 220, 
224, 226, 228, 230 and 214; C 12, L 57-65; C 13, entire; C 14, L 1-21). 

Regarding claim 29, 31, 49 and 51, O'Hare discloses the filter denying the non-media access 
request when it is determined that the first device is not authorized to have non-media access to 
the logical device (C 13, L 57-61; this effectively ignores the request since the request is never 
processed or executed). 

Regarding claims 30 and 50, O'Hare discloses a plurality of storage devices (C 5, L 64-67) 
coupled to the at least one filter, and wherein when it is determined that the first device is 
authorized to have non-media access to the logical device, the at least one filter forwards the 
non-media access request to a storage device corresponding to the logical device (C 7, L 48-67; 
C8,Ll-24). 

Regarding claims 34, 36, 48 and 53-54, O'Hare discloses data structure (matrix, Reference 100 
in Figure 5), accessible to the at least one filter, that stores configuration information 
corresponding to the first device that includes first configuration information identifying each of 
a plurality of logical devices (W, X, Y, Z) at the shared resource to which data access (access 
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indicated by one of B, C and M which represents data access level) by the first device (one of 
requestors Q, R, S, T and V) is authorized and second configuration information identifying 
whether non-media access (access indicated by one of B, C and M which represents the non- 
media access level) is authorized to each of the plurality of logical devices for which the first 
configuration information identifies that no data access is authorized for the first device (C 10, L 
21-67; C 11, L 1-32). 

Regarding claims 35 and 55, O'Hare disclose the at least one filter examining the second 
configuration information corresponding to the first device to determine whether the first device 
is authorized to have non-media access to the logical device (C 13, L 54-61). 

Regarding claims 37 and 56, O'Hare discloses examining the access request to determine 
whether the access request is one of a data access request and a non-media access request (C 13, 
L 54-61 - determining access request type). 

Regarding claims 28, 33, 38-41, 48, 52 and 57, O'Hare an input to be coupled to the network, 
wherein the network couples the plurality of devices to the shared resource (Figure 3, Reference 
62; C 4, L 18-30); and at least one filter (Figure 3, Reference 64; C 14, L 22-32) coupled to the 
input (via Reference 62 in Figure 3) that is responsive to the a non-media access request by a 
first of the plurality of devices to a logical device at a shared resource for which the first device 
has no data access privileges (wherein data access privileges refers to read or write access) (C 
10, L 13-14; this condition occurs when access control of the system includes read and write 
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operations and when read and write operation access types are not allowed for the first device to 
the logical device at the shared resource; each requesting device is allowed access to certain 
regions of the shared resource for certain access types, refer to C 10 - C 14; Figure 5 and Figure 
6), to determine whether the first device is authorized to have non-media access to the logical 
device and to authorize the non-media access request when it is determined that the first device is 
authorized to have non-media access to the logical device (Figure 6, References 202, 216, 220, 
224, 226, 228, 230 and 214; C 12, L 57-65; C 13, entire; C 14, L 1-21). 

Regarding claim 29, 31, 49 and 51, O'Hare discloses the filter denying the non-media access 
request when it is determined that the first device is not authorized to have non-media access to 
the logical device (C 13, L 57-61 ; this effectively ignores the request since the request is never 
processed or executed). 

Regarding claims 30 and 50, O'Hare discloses a plurality of storage devices (C 5, L 64-67) 
coupled to the at least one filter, and wherein when it is determined that the first device is 
authorized to have non-media access to the logical device, the at least one filter forwards the 
non-media access request to a storage device corresponding to the logical device (C 7, L 48-67; 
C8,Ll-24). 

Regarding claims 34, 36, 48 and 53-54, O'Hare discloses data structure (matrix, Reference 100 
in Figure 5), accessible to the at least one filter, that stores configuration information 
corresponding to the first device that includes first configuration information identifying each of 
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a plurality of logical devices (W, X, Y, Z) at the shared resource to which data access (access 
indicated by one of B, C and M which represents data access level) by the first device (one of 
requestors Q, R, S, T and V) is authorized and second configuration information identifying 
whether non-media access (access indicated by one of B, C and M which represents the non- 
media access level) is authorized to each of the plurality of logical devices for which the first 
configuration information identifies that no data access is authorized for the first device (C 10, L 
21-67; C 11, L 1-32). 

Regarding claims 35 and 55, O 5 Hare discloses the at least one filter examining the second 
configuration information corresponding to the first device to determine whether the first device 
is authorized to have non-media access to the logical device (C 13, L 54-61). 

Regarding claims 37 and 56, O'Hare discloses examining the access request to determine 
whether the access request is one of a data access request and a non-media access request (C 13, 
L 54-61 - determining access request type). 

Regarding claims 43-47, O'Hare discloses a computer readable medium (C 18, L 36-60) 
comprising a data structure relating to access management by a plurality of network devices to 
data stored on a plurality of logical devices of a shared resource, the data structure including a 
plurality of records each corresponding to one of the plurality of network devices, a first record 
of the plurality of records corresponding to a first of the plurality of network devices and 
including configuration information identifying each logical device of the plurality of logical 



Application/Control Number: 09/75 1 ,684 Page 1 0 

Art Unit: 2187 

devices to which data access by the first network device is authorized to have non-media access 
to a first logical device of the plurality of logical devices when the configuration information 
corresponding to the first network device identifies that no data access to the first logical device 
from the first network device is authorized (Figure 5, C 10, L 28-67; C 11, entire; C 12, L 1-33). 

Regarding claims 60-66, O'Hare discloses a plurality of storage devices that store a plurality of 
logical volumes of data (C 5, L 64-67); a data structure to store configuration information 
identifying whether a first network device of a plurality of network devices [C 4, L 18-30 - when 
the devices are coupled to the storage via a network, the devices are network devices] that are 
coupled to the storage system is authorized to access data on a first logical volume of the 
plurality of logical volumes (Figure 5, Reference 100; C 21-67 ; C 1 1, L 1-32); and a filter, 
responsive to the configuration information stored in the data structure, to selectively forward 
non-media access requests from the first network device to the first logical volume when the 
configuration information identifies that no data access to the first logical volume from the first 
network device is authorized (Figure 3, Reference 64; C 14, L 22-32; Figure 6; C 12, L 57-67; C 
13, entire; C 14, L 1-21). 

Claim Rejections - 35 USC § 103 
4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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5. Claims 14, 22 and 59 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
O'Hare et al. (USPN: 6,484,173). 

Regarding claims 14 and 22, O'Hare discloses the limitations cited above in claims 12 and 15, 
however, O'Hare does not disclose the operations of claim 12 performed outside of the storage 
system. In O'Hare's system the operations are performed within the storage system. It is well 
known in the art to remove functionality from one device to another to simplify the design 
thereof or to free the device from performing such functions so that the device may perform 
other functions [efficiency]. This feature would be desirable in the system of O'Hare if one 
wanted to simplify the design of the storage system or to operate the storage system more 
efficiently and thus it would have been obvious to one of ordinary skill in the art to modify 
O'Hare's system to perform the operations external to the data storage system for the above 
reasons. 

Regarding claim 59, O'Hare discloses the at least one filter and the input inside the data storage 
system (Figure 3, Reference 63 and 62 respectively). However, O'Hare does not disclose the 
data structure disposed outside of the storage system. Systems are implemented according to 
design goals and thus elements are located in a system to meet the design goals. Accordingly, it 
is a matter of design choice to locate the data structure outside of O'Hare's storage system. 

6. Claims 42 and 58 are rejected under 35 U.S.C. 103(a) as being unpatentable over O'Hare 
et al. (USPN: 6,484,173) in view of Monsen et al. (PGPUB: 2003/0050962). 





Application/Control Number: 09/751,684 



Page 12 



Art Unit: 2187 

Regarding claims 42 and 58, O'Hare does not disclose the filter and the input disposed on the 
outside of the storage system. However, Monsen discloses a filter and an input disposed outside 
of a storage system (Monsen - filter; Figure 1, Reference 12; input; signals lines coupling 
References 20-24 and 12; storage system; Figure 1, Reference 34). It is common knowledge in 
the art to remove functionality and/or logic from one device to another to simplify the design 
thereof or to free the device from performing such functions so that the device may perform 
other functions [efficiency]. This feature would be desirable in the system of O'Hare if one 
wanted to simplify the design of the storage system or to operate the storage system more 
efficiently and thus it would have been obvious to one of ordinary skill in the art to modify 
O 5 Hare's system to dispose the filter and the input outside of the storage system for the above 
reasons. 



7. Applicant's arguments filed have been fully considered but they are not persuasive. 
Regarding Applicant's argument that O'Hare does not teach non-media access request, the 
Examiner disagrees. O'Hare teaches that system calls do not directly read or write data. The 
system calls are used to perform administrative task and since these commands do not read or 
write data to an identified logical volume, such calls are non-media request. 



Response to Arguments 



Additionally, O'Hare teaches authorizing a non-media access request to a logical device from a 
device that lacks data access privileges to that device. Refer to C 13, L 24-31 . When a pass 
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override is set, a system call is allowed access to the device even when data access privileges are 
prevented to that device. 

Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kimberly N. McLean-Mayo whose telephone number is 703-308- 
9592. The examiner can normally be reached on M-F (9:00 - 6:30) First Friday Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Donald Sparks can be reached on 703-308-1756. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Kimberly N. McLean-Mayo 

Examiner 

Art Unit 2187 



March 22, 2004 




